Oracle Breaks Zero-Day Cycle

By ServerWatch Staff
Posted Feb 8, 2010

The WebLogic Server Node Manager utility is used to start, shut down, and restart the Administration Server and Managed Server from remote locations. As noted in the news report on Softpedia, a critical flaw in WebLogic Node Manager was disclosed two weeks ago.

Oracle was forced to address a critical vulnerability in the WebLogic Node Manager utility after exploit code was released to the public.

"All versions of WebLogic Server from 7.0 and above are affected, but the impact on Windows-based servers is particularly severe, because successful exploitation will lead to full system compromise. On Linux and UNIX systems attackers will only gain the permissions of the user WebLogic server is being run from.

"Evgeny Legerov, founder of Moscow-based Intevydis, previously warned earlier this month that his company would disclose serious vulnerabilities affecting a wide range of software products as zero-days. The researcher seems to hold a grudge against vendors that fail to release patches in a timely manner, and because of this he ceased to follow what are known across the industry as 'responsible disclosure practices.'"

Read the Full Story at Softpedia
